Google Dorking - SQL Errors
site:[TARGET] AND (intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()")
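The same seven error strings, used the other way round: a check you can run over your own pages so a leaking error page is found and fixed before a search engine indexes it. This is an added example, not part of the original post; the backend attribution per signature and the sample page bodies are constructed assumptions.

```python
"""Scan HTTP response bodies for the SQL error strings the dork above searches for."""
from __future__ import annotations

import re

# Signature -> backend it usually points to. The grouping is a constructed
# assumption for this example; the strings themselves are the dork's.
SQL_ERROR_SIGNATURES = {
    "sql syntax near": "MySQL / MariaDB",
    "Warning: mysql_connect()": "PHP + MySQL",
    "Warning: mysql_query()": "PHP + MySQL",
    "incorrect syntax near": "Microsoft SQL Server",
    "unexpected end of SQL command": "PostgreSQL",
    "Warning: pg_connect()": "PHP + PostgreSQL",
    "syntax error has occurred": "other (engine not identified)",
}

# One alternation over all literal signatures, case-insensitive like the dork's intext:
_PATTERN = re.compile("|".join(re.escape(s) for s in SQL_ERROR_SIGNATURES), re.IGNORECASE)


def find_sql_error_disclosure(body: str) -> list[tuple[str, str, str]]:
    """Return (signature, backend, surrounding context) for every leaked SQL error in a page body."""
    hits = []
    for m in _PATTERN.finditer(body):
        sig = next(s for s in SQL_ERROR_SIGNATURES if s.lower() == m.group(0).lower())
        start, end = max(0, m.start() - 40), min(len(body), m.end() + 40)
        hits.append((sig, SQL_ERROR_SIGNATURES[sig], body[start:end].replace("\n", " ")))
    return hits


def leaking_pages(pages: dict[str, str]) -> dict[str, list[tuple[str, str, str]]]:
    """Map url -> hits for every page body that discloses a SQL error."""
    return {url: hits for url, body in pages.items() if (hits := find_sql_error_disclosure(body))}


# Constructed sample bodies: two leaking error pages and one clean page.
SAMPLE_PAGES = {
    "https://shop.example/item?id=1'": "<h1>Error</h1>You have an error in your SQL syntax near ''' at line 1",
    "https://shop.example/search?q=x": "<pre>Warning: mysql_connect(): Access denied for user 'app'@'localhost'</pre>",
    "https://shop.example/": "<html><body>Welcome</body></html>",
}

if __name__ == "__main__":
    for url, hits in leaking_pages(SAMPLE_PAGES).items():
        for sig, backend, ctx in hits:
            print(f"{url}: '{sig}' ({backend}) ... {ctx}")
```

Feed it the bodies your crawler or error-page monitoring already collects; anything it flags should be replaced by a generic error page and the detailed message kept in server logs only.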
Bypassing Two-Factor Authentication (2FA)
1. Flawed Two-Factor Verification Logic
- Attackers can log in with their own credentials but change the account cookie to any arbitrary username when submitting the verification code.
2. Clickjacking on 2FA Disable Feature
- Try to iframe the page where 2FA can be disabled. If successful, use social engineering to trick the victim.
3. Response Manipulation
- Check the 2FA request response. If it shows "Success":false, change it to "Success":true to bypass 2FA.
4. Status Code Manipulation
- If the response status code is 4XX, change it to 200 OK to bypass 2FA.
5. 2FA Code Reusability
- Request a 2FA code and use it. Then try reusing it or requesting multiple codes to check if previously requested codes expire.
6. CSRF on 2FA Disable Feature
- Request a 2FA code and use it. Then try reusing it or requesting multiple codes to check if previously requested codes expire.
7. Backup Code Abuse
- Use techniques like response/status code manipulation, brute-force, etc., to bypass backup codes and disable/reset 2FA.
8. Enabling 2FA Doesn't Expire Previous Session
- Log in to the application in two different browsers. Enable 2FA in one session. Use the other session to check if it's still active, which could be an issue.
9. 2FA Referer Check Bypass
- Directly navigate to the page after 2FA or any authenticated page. If it doesn't work, change the Referer header to the 2FA page URL.
10. 2FA Code Leakage in Response
- Capture the request when 2FA code is triggered. Check the response to see if the 2FA code is leaked.
11. JS File Analysis
- Analyze all JS files referenced in the response when triggering the 2FA code request to see if any contain information to bypass 2FA.
12. Lack of Brute-Force Protection
- Request 2FA codes repeatedly. If there's no rate limit, it's a rate-limit issue. Try brute-forcing the 2FA code.
13. Password Reset/Email Change - 2FA Disable
- Change the victim's email or password. 2FA might be disabled, depending on the organization's policy.
14. Missing 2FA Code Integrity Validation
- Use a valid 2FA code from your account in the victim's 2FA request to see if it bypasses 2FA protection.
15. Direct Request
- Directly navigate to the page after 2FA or any authenticated page. Change the Referer header as if you came from the 2FA page.
16. Reusing Token
- Try reusing a previously used token inside the account to authenticate.
17. Sharing Unused Tokens
- Check if you can get a token from your account and use it to bypass 2FA in a different account.
18. Leaked Token
- Check if a token is leaked in the response from the web application.
19. Session Permission
- Use the same session to start the flow using your account and the victim's account. Complete 2FA with your account but try accessing the next step with the victim's account.
20. Password Reset Function
- Check if the password reset function logs the user in after completion. Try reusing the link to reset the password multiple times.
21. Lack of Rate Limit
- Check if there's a limit on the number of codes you can try. Brute force if there's no limit.
22. Flow Rate Limit but No Rate Limit
- If there's a flow rate limit but no rate limit, you can brute force the code with enough time.
23. Re-send Code and Reset the Limit
- If
24. Infinite OTP Regeneration
- If you can generate a new OTP infinitely and the OTP is simple enough (e.g., 4 numbers), you can try the same 4 or 5 tokens every time and generate OTPs until it matches.
25. Guessable Cookie
- If the "remember me" functionality uses a guessable code in a new cookie, try to guess it.
26. IP Address
- If the "remember me" functionality is attached to your IP address, you can try to figure out the IP address of the victim and impersonate it using the X-Forwarded-For header.
27. Subdomains
- Check for "testing" subdomains with login functionality. They might not support 2FA or might have vulnerable versions of it.
28. APIs
- Look for APIs located under a /v*/ directory. Older API endpoints might be vulnerable to 2FA bypass.
29. Previous Sessions
- When 2FA is enabled, previous sessions should be ended. If not, an attacker could hijack an active session before 2FA.
30. Improper Access Control to Backup Codes
- If there are CORS misconfigurations or XSS vulnerabilities, backup codes can be stolen and used to bypass 2FA if the username and password are known.
31. Information Disclosure
- If confidential information, like the phone number, appears on the 2FA page that wasn't known previously, it's an information disclosure vulnerability.
32. Bypass 2FA with null or 000000
- Sometimes, 2FA can be bypassed by using null or 000000 as the code.
33. Previously Created Sessions Continue Being Valid After MFA Activation
- Access the same account on two devices. Enable 2FA on one device. If the session on the other device is still active, it's an issue.
34. Enable 2FA Without Verifying the Email
- Check if you can add 2FA to your account without verifying your email.
35. Password Not Checked When Disabling 2FA
- Try to disable 2FA without checking the password. If it succeeds, it's a vulnerability.
36. "email" MFA Mode Allows Bypassing MFA From Victim's Device When Device Trust Is Not Expired
- Use tools like Burp Suite to intercept requests. Modify the fields to bypass 2FA using the "email" mode.
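A server-side 2FA step that closes the gaps the list above describes, as an added example (not code from the original post). It is an in-memory sketch: the session and challenge model, the 6-digit code format, the 5-minute lifetime and the 5-attempt cap are constructed assumptions. It binds the code to the session that passed password authentication (items 1, 14, 17, 19), expires and single-uses codes (5, 16), keeps the attempt counter across re-sends (12, 21, 23), keeps the pass/fail decision on the server rather than in a client "Success" flag (3, 4), never treats an empty or null submission as a match (32), and revokes the user's other sessions when 2FA is turned on (8, 29, 33).

```python
"""Server-side 2FA step written to close the gaps in the checklist above (added example)."""
from __future__ import annotations

import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300   # a code is dead after 5 minutes (items 5, 16); constructed value
MAX_ATTEMPTS = 5         # per user flow, carried across re-sends (items 12, 21, 23); constructed value


@dataclass
class Challenge:
    user: str                # account that passed password auth; never taken from the request
    code: str
    expires_at: float
    failed_attempts: int = 0
    used: bool = False


@dataclass
class Session:
    user: str
    mfa_passed: bool = False          # server-side truth, not a client "Success" flag (items 3, 4)
    challenge: Challenge | None = None


class MfaService:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions: dict[str, Session] = {}
        self.mfa_enabled: set[str] = set()

    def login_with_password(self, user: str) -> str:
        """Call only after the password was verified; returns a new session id."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(user=user)
        return sid

    def send_code(self, sid: str) -> str:
        """Issue (or re-issue) a code for the session's own user.
        The failure counter survives a re-send, so 'resend' cannot reset the limit (item 23)."""
        sess = self.sessions[sid]
        failed = sess.challenge.failed_attempts if sess.challenge else 0
        code = f"{secrets.randbelow(10**6):06d}"
        sess.challenge = Challenge(user=sess.user, code=code,
                                   expires_at=self.clock() + CODE_TTL_SECONDS,
                                   failed_attempts=failed)
        # Goes to the out-of-band channel only; never echoed in the HTTP response (item 10).
        return code

    def verify_code(self, sid: str, submitted: object) -> bool:
        sess = self.sessions.get(sid)
        if sess is None or sess.challenge is None:
            return False                       # no live challenge: nothing to compare against (item 32)
        ch = sess.challenge
        if not (isinstance(submitted, str) and submitted.isascii()
                and submitted.isdigit() and len(submitted) == 6):
            return False                       # null / empty / malformed input never equals a real code
        if ch.used or self.clock() > ch.expires_at or ch.failed_attempts >= MAX_ATTEMPTS:
            return False
        # Compared against this session's own challenge only: a code minted for another
        # account, or one pasted into another user's request, cannot match (items 1, 14, 17, 19).
        if not hmac.compare_digest(ch.code, submitted):
            ch.failed_attempts += 1
            return False
        ch.used = True                         # single use (item 16)
        sess.mfa_passed = True
        return True

    def enable_mfa(self, sid: str) -> int:
        """Turn 2FA on and revoke the user's other sessions; returns how many were revoked (items 8, 29, 33)."""
        current = self.sessions[sid]
        self.mfa_enabled.add(current.user)
        stale = [s for s, sess in self.sessions.items()
                 if sess.user == current.user and s != sid]
        for s in stale:
            del self.sessions[s]
        return len(stale)


if __name__ == "__main__":
    svc = MfaService()
    sid = svc.login_with_password("alice")
    code = svc.send_code(sid)
    print("null accepted:", svc.verify_code(sid, None))
    print("right code accepted:", svc.verify_code(sid, code))
    print("reuse accepted:", svc.verify_code(sid, code))
```

The point of the design is that every decision reads server-side state keyed by the session id: the request body contributes nothing but the six digits, so there is no username, cookie, status code or success flag for the client to rewrite.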
Web Hacker's Weapons: a collection of awesome tools used by web hackers. Happy hacking, happy bug-hunting!
https://github.com/hahwul/WebHackersWeapons/blob/main/README.md
uro - Using a URL list for security testing can be painful as there are a lot of URLs that have uninteresting/duplicate content; uro aims to solve that.
github.com/s0md3v/uro
Bug Bounty Starter Pack
Want access to bug bounty programs, platforms, guides, books, and real reports?
Do Follow + Like + Retweet + DM "Bounty" on @brutsecurity_bot
#BugBounty #BugBountyTips
Brut Security: Click on this button, you will get the materials @brutsecurity_bot
1. Null-byte injection:
- /google.com%00/
- //google.com%00
2. Base64 encoding variations:
- aHR0cDovL2dvb2dsZS5jb20=
- aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbQ==
- //base64:d3d3Lmdvb2dsZS5jb20=/
3. Case-sensitive variations:
- //GOOGLE.com/
- //GoOgLe.com/
4. Overlong UTF-8 sequences:
- %C0%AE%C0%AE%2F (overlong encoding for ../)
- %C0%AF%C0%AF%2F%2Fgoogle.com
5. Mixed encoding schemes:
- /%68%74%74%70://google.com
- //base64:%32%46%32%46%67%6F%6F%67%6C%65%2E%63%6F%6D
- //base64:%2F%2Fgoogle.com/
6. Alternative domain notations:
- //[email protected]/
- //127.0.0.1.xip.io/
- //0x7F000001/ (hexadecimal IP)
7. Trailing special characters:
- //google.com/#/
- //google.com/;&/
- //google.com/?id=123&//
8. Octal IP address format:
- https://0177.0.0.1/
- https://00177.0000.0000.0001/
9. IP address variants:
- https://3232235777 (decimal notation of an IP)
- https://0xC0A80001 (hex notation of IP)
- https://192.168.1.1/
10. Path traversal with encoding:
- /..%252f..%252f..%252fetc/passwd
- /%252e%252e/%252e%252e/%252e%252e/etc/passwd
- /..%5c..%5c..%5cwindows/system32/cmd.exe
11. Alternate protocol inclusion:
- ftp://google.com/
- javascript:alert(1)//google.com
12. Protocol-relative URLs:
- :////google.com/
- :///google.com/
13. Redirection edge cases:
- //google.com/?q=//bing.com/
- //google.com?q=https://another-site.com/
14. IPv6 notation:
- https://[::1]/
- https://[::ffff:192.168.1.1]/
15. Double URL encoding:
- %252f%252fgoogle.com (encoded twice)
- %255cgoogle.com
16. Combined traversal & encoding:
- /%2E%2E/%2E%2E/etc/passwd
- /%2e%2e%5c%2e%2e/etc/passwd
17. Reverse DNS-based:
- https://google.com.reverselookup.com
- //lookup-reversed.google.com/
18. Non-standard ports:
- https://google.com:81/
- https://google.com:444/
19. Unicode obfuscation in paths:
- /%E2%80%8Egoogle.com/
- /%C2%A0google.com/
20. Query parameters obfuscation:
- //google.com/?q=https://another-site.com/
- //google.com/?redirect=https://google.com/
21. Using @ symbol for userinfo:
- https://admin:[email protected]/
- https://@google.com
22. Combination of userinfo and traversal:
- https://admin:[email protected]/../../etc/passwd
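The defensive counterpart to the list above: a redirect-target validator that decodes before judging and accepts only a same-origin path or an http(s) URL to an allowlisted host, so the null-byte, double-encoding, userinfo, alternate-IP, non-standard-port and Unicode variants all fall out of the same few rules. Added example, not code from the original post; the allowlist and the sample targets are constructed.

```python
"""Allowlist-based redirect target validator (added example)."""
from __future__ import annotations

import ipaddress
from urllib.parse import unquote, urlsplit

ALLOWED_HOSTS = {"example.com", "www.example.com"}   # constructed allowlist


def fully_decode(value: str, rounds: int = 4) -> str:
    """Undo repeated percent-encoding so %252f, %2e%2e and overlong sequences
    are judged on what they decode to, not on their encoded surface."""
    for _ in range(rounds):
        decoded = unquote(value)          # invalid UTF-8 such as %C0%AE becomes U+FFFD
        if decoded == value:
            return value
        value = decoded
    return value


def is_safe_redirect(target: str, allowed_hosts: set[str] = ALLOWED_HOSTS) -> bool:
    """Accept only a same-origin path or an http(s) URL to an allowlisted host."""
    target = fully_decode(target)
    # NUL bytes, control characters, non-ASCII (Unicode spacing / LRM tricks) and
    # backslashes (browsers treat "/\" like "//") are never legitimate here.
    if not target or any(ch < " " or ch > "~" for ch in target) or "\\" in target:
        return False
    if target.startswith("/") and not target.startswith("//"):
        # Relative path on our own origin; still refuse traversal segments.
        return ".." not in target.split("/")
    try:
        parts = urlsplit(target)
        port = parts.port                 # raises ValueError on a bogus port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False                      # javascript:, ftp:, and scheme-less "//host"
    if parts.username is not None or parts.password is not None:
        return False                      # "user:pw@host" and bare "@host" tricks
    host = parts.hostname                 # lower-cased, brackets stripped
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return False                      # raw IP literals (dotted, IPv6, mapped) are never allowlisted
    except ValueError:
        pass
    if port not in (None, 80, 443):
        return False                      # non-standard ports
    # Exact host match also defeats decimal/octal/hex IP spellings and lookalike subdomains.
    return host in allowed_hosts


# Constructed sample targets: the payload classes from the list above plus legitimate ones.
SAMPLE_TARGETS = [
    "/account/settings",
    "https://www.example.com/dashboard",
    "//evil.example/",
    "/%2f%2fevil.example",
    "//example.com%00/",
    "/..%252f..%252f..%252fetc/passwd",
    "https://admin:pw@example.com/",
    "https://@example.com",
    "https://0177.0.0.1/",
    "https://[::1]/",
    "https://example.com:81/",
    "javascript:alert(1)//example.com",
    "/%E2%80%8Eevil.example/",
]


def classify(targets: list[str]) -> dict[str, bool]:
    """Map each candidate redirect target to the validator's verdict."""
    return {t: is_safe_redirect(t) for t in targets}


if __name__ == "__main__":
    for t, ok in classify(SAMPLE_TARGETS).items():
        print("allow " if ok else "reject", t)
```

Protocol-relative targets are rejected even for allowlisted hosts; if your application needs them, resolve them against your own origin first and validate the absolute result rather than loosening the scheme check.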
Poll Time: Are You Ready for Pro Labs?
Hey hackers! Let's see where everyone stands in their hacking journey! Hack The Box's Pro Labs offer real-world red teaming in enterprise environments, a big step up if you're looking to take your skills to the next level.
Vote and see where you stand with the community! #CyberSecurity #Hacking #ProLabs #HackTheBox
Which best describes you?
Anonymous Poll
45% - Beginner: I'm still learning the basics.
29% - Intermediate: I'm comfortable with CTFs and regular HTB labs.
18% - Advanced: I'm looking for real-world, red team experiences.
8% - Pro: I'm ready to dive into Pro Labs and tackle enterprise-level challenges!